想好好理解下alertamanager中route的规则解读,趁着这个机会,就直接拿着官方的demo文件进行解读.文件内容如下:
routes:
- match_re:
service: ^(foo1|foo2|baz)$
receiver: team-X-mails
routes:
- match:
severity: critical
receiver: team-X-pager
- match:
service: files
receiver: team-Y-mails
routes:
- match:
severity: critical
receiver: team-Y-pager
- match:
service: database
receiver: team-DB-pager
# Also group alerts by affected database.
group_by: [alertname, cluster, database]
routes:
- match:
owner: team-X
receiver: team-X-pager
continue: true
- match:
owner: team-Y
receiver: team-Y-pager
对文件内容进行分拆分析
- match_re:
service: ^(foo1|foo2|baz)$
receiver: team-X-mails
routes:
- match:
severity: critical
receiver: team-X-pager
当服务 foo1|foo2|baz出现问题的时候,如果告警的解决的级别是critical,就会发送给team-X-pager组;当没有匹配到的情况下,默认发送给team-X-mails
- match:
service: database
receiver: team-DB-pager
# Also group alerts by affected database.
group_by: [alertname, cluster, database]
routes:
- match:
owner: team-X
receiver: team-X-pager
continue: true
- match:
owner: team-Y
receiver: team-Y-pager
当服务是database出现问题的时候,如果匹配的标签是team-X,就会发给team-X-pager;继续匹配,当匹配的标签是team-Y,就会发给team-Y-pager;如果都没有匹配到,则默认发送给team-DB-pager
相关组标签的解释
Alertmanager可以对告警通知进行分组,将多条告警合合并为一个通知。这里我们可以使用group_by来定义分组规则。基于告警中包含的标签,如果满足group_by中定义标签名称,那么这些告警将会合并为一个通知发送给接收器。
有的时候为了能够一次性收集和发送更多的相关信息时,可以通过group_wait参数设置等待时间,如果在等待时间内当前group接收到了新的告警,这些告警将会合并为一个通知向receiver发送。
而group_interval配置,则用于定义相同的Group之间发送告警通知的时间间隔。